[Cooker] Server Security Warnings

[Frank Griffin]

This one's been bothering me for a while, but I've seen it again in 9.1 so I'll raise the issue now.

After package selection, the install detects whether you've requested certain servers and puts up a dialog saying that they may be insecure and do you really want to install them. Later on, (at least in what used to be called the Expert Install), you are given a much more polished dialog that allows you to prevent any installed servers from starting at boot.

From the standpoint of an inexperienced user, this makes no sense. From the standpoint of an experienced user, it's an annoyance.

There is no correlation between installing a server package and any security holes that may be introduced by actually running it. The initial prompt that asks if you want to install the servers is useless, and should be removed. Most newbies have chosen package categories without having gone to Individual Package Selection, and have no idea what categories the servers belong to, or what they might be screwing up if they don't install them. I very much doubt that anybody ever backs off at this point.

To address the security concern, you should really make the later dialog (choosing/modifying which servers start at boot) unconditional for all classes of install, and include the security warnings there, It is perfectly reasonable for a newbie to want to let the installation install as much as possible, and then sit back and say "well, I won't run it if I don't need it, but it's there if I want it". Most of them do not, at that point, know how easy MCC/SoftwareManagement is, and may figure that it's better to let the installation install this stuff than have to worry about doing it later on.

If there are actually any cases where having something installed (but not running) is a security risk, then point that out during the later dialog. But don't ask questions the user can't answer (newbie) or just finds annoying (expert) before installation.

Maybe part of the "which servers do you want to run at startup" dialog could display known security issues for each server as its line-item is selected (just like rpmdrake displays the package description when you select the package). And, the initial dialog that displays the server list could state why it's being displayed and what the concerns (in general) are, and recommend that you not run anything you're not sure you need. Of course, it should also point out that there are certain servers without which a Mandrake system is going to run into problems.